Professional Documents
Culture Documents
Narrative: Risks are identified by any project / division / program stakeholder and entered into the Risk Tracker system. The risk
undergoes an initial assessment by the Program / Division / Project Manager. The risk is then assigned to a responsible party to
manage the risk and determine a treatment strategy. The risk is periodically updated and reported on in the program monthly status
report if it meets reporting thresholds.
Benefits of Current Risk Management Process:
•Flexible open source Trac project tracking system has
been tailored to manage risk documentation, risk
management, and risk reporting for the entire program.
•Standard processes across applications, projects and
divisions
•Adheres to GSA SDLC
Define
Establish A
Organization,
Risk
Resources,
Management
Approaches
Strategy
and Schedules Plan /
Program Mangers / Risk Evaluate
Execute Risk
Management Shared Service / Select Report
Avoidance.
Team Risks to Risks
Mitigation,
Manage
Determine Risk Contingency
Categories Track
Parameters, Risks
Division Program Status and
Manger / Process Reporting Perfor
Engineering Manager / Identify m Risk
Project Manager / Risks Assess
Project Lead ment
Project Team /
Stakeholders
• Risk Identification
– Risks are inherent in events that, when triggered, cause problems.
– Risk identification starts with the source of problems.
• Is it a Risk or an Issue?
– Risks are problems caused by future events
– Issues are current problems
– Some problems may have occurred, but may also occur again in the future.
Treat these as risks.
• Source Analysis
– The risk sources may be internal or external to the system.
– Examples of risk sources are:
• External organizations providing information, hardware, software or people.
• New technologies that have not been used.
• Other projects or emergencies that may divert resources from the project.
• Significant events that may alter the scope, resources or time allotted.
• Problem Analysis
– Risks are related to identified threats.
– Any threat to the success of the project or organization is a potential risk.
• Probability
− Four contributing factors to probability are:
• Immaturity,
• Dependency,
• Complexity, and
• Consistency.
− Probability is measured on a scale of 1 to 3, 3 being the
highest probability of occurrence:
• High (3)- Greater than 70% likelihood of occurrence
• Medium (2) - Between 30% and 70% likelihood of occurrence
• Low (1) - Below 30% likelihood of occurrence.
Impact
• Risk Acceptance
– May accept the risk if you have no control or influence
– Actions
• No action
• Contingency Plan, identify the trigger that initiates the plan, the actions
(tasks) and who is responsible
• Risk Avoidance
– Don’t perform the activity that carries the risk
• Risk Mitigation
– Take actions to reduce the impact or probability of the risk
– Identify the actions, who is responsible and the milestone dates
• Risk Transfer
– Transfer the risk to another party
• Mitigation Plan
– Identify the tasks to mitigate the risk and number them.
– For each task, identify who has responsibility for that task and the milestone
dates for accomplishing actions under the tasks.
– As the status of the mitigation tasks changes, but no less than once a
month, update the status of the mitigation task. At the end of the task, put
the date, then the updated status. Do not remove previous task information.
• Contingency Plan
– Identify the Trigger for the contingency plan and the person responsible for
the tasks in the plan. If you know the date when the trigger event is likely to
occur add that. Describe the tasks.
• Avoidance Plan
– This could be a transfer of risk responsibility or a change in approach that
avoids the risk altogether.
– Again, include responsible persons and dates.
– Start now.
– Risk Management is the responsibility of all project managers and team leads.
– DPMs are responsible for making sure risks are being managed and reported.
– Start risk identification and assessment in the planning stage.
– Include risk management on the agenda for your status meetings.
– Review the mitigation and contingency tasks and document the updated status.
– Mark tasks as complete and add new mitigation tasks as appropriate.
– Update the status in Risk Tracker during the meeting or immediately following.
• URL: http://dtrac.fss.gsa.gov/projects/RiskTracker/
• Support/Administration Contacts (add projects, change
custom fields, change permissions, report help, etc…)
– Benjamin Murphy | benjamin.murphy@gsa.gov |
703.888.0722
– Girish Ghaisas | girish.ghaisas@gsa.gov | 703.605.9024
– Dinanath Satam | dinanath.satam@gsa.gov | 703.605.9024